-
Notifications
You must be signed in to change notification settings - Fork 22
JSON
joshua-roberts edited this page Aug 30, 2024
·
8 revisions
The JSON schema can be referenced from this repository at https://raw.githubusercontent.com/usnistgov/policy-machine-core/master/src/main/resources/json/pm.schema.json.
String json = pap.serialize(new JSONSerializer());pap.deserialize(new UserContext("u1"), json, new JSONDeserializer());{
"resourceOperations": [
"read",
"delete_readme",
"delete_project",
"write"
],
"graph": {
"pcs": [
{
"name": "RBAC"
},
{
"name": "Location"
}
],
"uas": [
{
"name": "US user",
"assignments": [
"Location"
],
"associations": [
{
"target": "US project",
"arset": [
"*"
]
}
]
},
{
"name": "reader",
"assignments": [
"employee"
],
"associations": [
{
"target": "project",
"arset": [
"read"
]
}
]
},
{
"name": "EU user",
"assignments": [
"Location"
],
"associations": [
{
"target": "EU project",
"arset": [
"*"
]
}
]
},
{
"name": "writer",
"assignments": [
"reader"
],
"associations": [
{
"target": "project",
"arset": [
"write"
]
}
]
},
{
"name": "employee",
"assignments": [
"RBAC"
]
},
{
"name": "deleter",
"assignments": [
"employee"
],
"associations": [
{
"target": "project",
"arset": [
"write"
]
}
]
}
],
"oas": [
{
"name": "EU project",
"assignments": [
"Location"
]
},
{
"name": "us_project1",
"assignments": [
"US project",
"project"
]
},
{
"name": "project",
"assignments": [
"RBAC"
]
},
{
"name": "eu_project1",
"assignments": [
"project",
"EU project"
]
},
{
"name": "US project",
"assignments": [
"Location"
]
}
],
"users": [
{
"name": "eu_writer1",
"assignments": [
"EU user",
"writer"
]
},
{
"name": "us_writer1",
"assignments": [
"US user",
"writer"
]
},
{
"name": "eu_reader1",
"assignments": [
"EU user",
"reader"
]
},
{
"name": "us_reader1",
"assignments": [
"US user",
"reader"
]
}
],
"objects": [
{
"name": "eu_project1 README",
"assignments": [
"eu_project1"
]
},
{
"name": "us_project1 README",
"assignments": [
"us_project1"
]
}
]
},
"prohibitions": [],
"obligations": [
"create obligation \"create us project admin\" {\n create rule \"us project\"\n when any user\n performs \"createProject\"\n on {\n locProjectAttr: \"US project\"\n }\n do (ctx) {\n createProjectAdmin(ctx.operands.projectName)\n }\n\n create rule \"eu project\"\n when any user\n performs \"createProject\"\n on {\n locProjectAttr: \"EU project\"\n }\n do (ctx) {\n createProjectAdmin(ctx.operands.projectName)\n }\n\n}"
],
"operations": [
"operation deleteProject(nodeop string projectName) {\n check \"delete_project\" on projectName\n} {\n delete OA projectName\n}",
"operation createProject(string projectName, nodeop string locProjectAttr) {\n check \"assign_to\" on \"project\"\n check \"assign_to\" on locProjectAttr\n} {\n create OA projectName in [\"project\", locProjectAttr]\n create O projectName + \" README\" in [projectName]\n}",
"operation deleteReadme(nodeop string projectReadme) {\n check \"delete_readme\" on projectReadme\n} {\n delete O projectReadme\n}",
"operation createProjectAdmin(string projectName) {\n uaName := projectName + \" admin\"\n create UA uaName in [\"writer\"]\n associate uaName and projectName with [\"*\"]\n create prohibition \"deny admin delete README\"\n deny UA uaName\n access rights [\"delete_readme\"]\n on union of [projectName]\n}"
],
"routines": [
"routine deleteAllProjects(string locProjectOA) {\n foreach project in getAdjacentAscendants(locProjectOA) {\n deleteReadme(project + \" README\")\n deleteProject(project)\n }\n}"
]
}